Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

password

Former Member

‎03-01-2008 1:10 AM

0 Kudos

Is it possible,that my password should not expiry at all?.

for dialog systems or system.

sri

6 REPLIES 6

Former Member

‎03-01-2008 4:20 AM

0 Kudos

Hello Sri,

The profile parameter login/password_expiration_time controls the expiry time of password. As long as this parameter is not maintained in the system profiles (dont confuse with Authorization profiles) in RZ10, you user password wont expire.

But the normal rule (atleast in production systems) is that

Users of the type DIALOG are not exempt from password epiration rules:

The profile parameter login/password_expiration_time controls this. the default value is 0 (number of days) and the maximum value is 1000. Normally we use a value of 30 days.

Also here is a link for Parameters with regards to login. Might be useful for you.

http://help.sap.com/saphelp_nw04s/helpdata/en/22/41c43ac23cef2fe10000000a114084/content.htm

Hope this helps.

Regards,

Prashant

Former Member
In response to Former Member

‎03-01-2008 6:39 PM

0 Kudos

Prashant,

if i go and change profile parameter login/password_expiration_time controls the expiry time of password

in RZ10, it will be applicable to all DIALOG users.

But i want it to restrict particular user...how it works over here

(user groups might come into picture...

sri

Former Member

‎03-01-2008 4:23 AM

0 Kudos

Also, if you are talking of users of the type system, password expiry rules (even if they are set) dont apply to them.

Password expiry rules also dont apply to user of type Service since these users are used for anonymopus logins i.e the user ID is shared amonst a group of people and hence the normal rule is that they have highly restricted access (display authorizations only).

Regards,

Prashant

Former Member

‎03-02-2008 10:31 AM

0 Kudos

Hello Sri,

No there is no praticular rule which allows you to group users together so that they cant be locked.

What ever rules we apply will be applicable to all the users of that type.

Infact a couple of days ago there was a discussion on the same issue in one of the threads raised by Julius Bussche (Moderator) in the Security Forum.

Try searching the thread with search criteria "Exceptions to the rule... idle users who are expected to be idle?".

You will get an insight on the issue.

Regards,

Prashant

Former Member
In response to Former Member

‎03-02-2008 10:07 PM

0 Kudos

For the record:

My question did not want to avoid changing the password, at whatever point in time.... nor for a specific user group.

It wanted to keep a secure user administration (of users in in decentral locations), without locking the user account for the reason of expected inactivity.

=> However, when the user logs on as expected, they should change the password (when it is expired) as per the policy, unless they exceed the expected period (or specific date...).

My case is specific to decentral end users.

Central administrators not wanting to change their passwords (as per a system policy) are a different case.

Kind regards,

Julius

Edited by: Julius Bussche on Mar 2, 2008 11:55 PM

Former Member
In response to Former Member

‎03-03-2008 3:54 AM

0 Kudos

Yes ofcourse Julius i did get the scope of our discussion on your thread. I just wanted Sri to get an insight on this instead of looking for a solution on having a user whose password would not expire at all (just in case he wanted to use the RZ10 parameter as mentioned above). But he too understands very the implications of such a change (as all administrators do ).

Regards,

Prashant